Government, industry debate cybersecurity remedies

A congressional subcommittee took federal agencies to task Tuesday for their poor progress in securing their computer systems. The rebuke came two days before industry technology experts are expected to release reports on ways to fix the private sector's own security woes.

During , members of the House Committee on Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census noted a measured improvement in the computer security of 24 agencies but chastised the groups for moving too slowly. Although network security increased on average for the federal agencies in 2003, only half of the federal groups had completed basic security assessments of every system on their networks.

"Our government has taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed commensurately, either in the public or private sector," subcommittee chair Adam Putnam, D-Fla., said in a statement. "We are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today."

The government debate took place as five industry working groups are preparing to release their interim reports on how to improve private sector Internet security. Two working groups--one focusing on security awareness for home users and small businesses and the other focusing on a workable cybersecurity warning system--will release their initial recommendations Thursday. A third report, on technical standards, will be released March 31, and two final reports, on improving software development practices and on ways of making boardrooms more responsible for information security, will arrive April 6.

Only two agencies, the Nuclear Regulatory Commission and the National Science Foundation, received a grade of A. Fourteen other agencies improved their grades, while two, the Department of Health and Human Services and the National Aeronautics and Space Administration, lost ground. Overall, the government earned a D on this year's report card. In 2002, it was given an F.

The Department of Homeland Security itself, which is now a year old, failed the audit. However, Putnam largely gave the group a bye.

"While the DHS had a failing grade, we recognize the difficult organization that took place and we expect significant improvement next year," Putnam said in a statement.

The industry working group drafting guidelines for an effective early warning system will be able to point on Thursday to some solid progress. In late January, the Department of Homeland Security inaugurated a cyberalert system that warns the average citizen and technical computer users alike of security threats. The system relies on the expertise of many security companies.

It's not clear yet, however, whether the system has helped raise security awareness.